Assignment Example on HIPAA and the HITECH Act

1. Why is it important to establish patient ownership of the healthcare record?

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

It is important to establish the patient ownership of the healthcare record to prevent unauthorized access and use of the healthcare records by both authorized and unauthorized users. Physicians have access to the medical health records but they are not allowed to use the medical records without the consent of the patient or the patient's legal representatives. The patients are allowed under HIPAA to inspect, review and receive their own copy of the medical records and there is also proposed to allow them to amend the health records. The patient should have an exclusive right to determine how their health record can be used as this is part of their privacy.

2. What are the potential negative consequences of the right of amendment and correction of healthcare records by patients?

The right of amendment and correction of the healthcare records by the patent has potential risk including alternation of the patient records without the patient knowledge. The patient might also amend the medical health records in a way that might alter the healthcare related decision and this is why there must be an extent to the level of an amendment that the patient is allowed (Kostkova et al., 2016). Such right might also affect the continuum of care as well as care planning when the patient hides sensitive health information at critical times.

3. How do HIPAA and the HITECH Act help to curb this problem?

HIPAA and hitch Act has a strict requirement for healthcare organization over the control, use, disclosure of patient information that can lead to significant financial, reputational harm. They have set higher privacy and protection rules for PHI (Ross & Lin, 2003). HIPAA and HITECH have a requirement for policies and procedures and organization are required to develop their own rules, policies, and procedures for handling patient data as well as develop their own sanctions for such breach (Cannon & Caldwell, 2016). The organization is required to collect, store and analyze all the log data and monitor any security event that involves authorized access and unauthorized use of the PHI without the patient's access. There are strict rules for compliance and organization are required to establish and implement control access and sanction. Any misuse of patient information by the authorized person must be addressed immediately as a critical issue.

4. How do you envision Health Level 7, HIPAA, and the HITECH Act evolving in the next decade?

Health level 7 is likely to evolve further in the next decade by virtue of the increasing patient awareness of their amendment rights and ownership. There would be more amendment to the HIPAA and HITECH act to accommodate these developments to prevent authorized users from misusing the patient data and also to control patient from misusing and altering their data considering their increased level of access and control over their electronic health records (Miaoulis, 2010).

5. Imagine that you are the designated privacy officer in a healthcare institution. Which types of monitoring procedures would you develop? Would you include in your sanctions for violations policy?

These monitoring procedures would include both reactive and proactive monitoring procedures. The developed solution would include: for example, I would develop staff education and training programs aimed at promoting a culture of awareness (Ross & Lin, 2003). Secondly, I would also conduct privacy rounds in the hospital and physical monitor the building and the activities carried therein. I would also include policies for violation of the hospitals patient health information breach and the sanctions would include suspension of the staff, revocation of the staff clearance and access as well as possible punishment and a dully filled show cause form. The hospital also issues three warnings to the guilty personnel. The researcher would also carry out a random focused audit of the electronic health records access

7. As a privacy officer, how would you address the following?

a. Tracking each point of access to the patient's database, including who entered the data.

I would install software to track and keep a log of all the access to the patient database. The software would record the time and the person who access the patient database as well as their clearance level (Cannon & Caldwell, 2016). The software would assign a unique patient identifier (UPI) to each person that accesses the patient database. Installing and implanting a role-based security access to patient records is also in line with the HIPAA regulations

b. Nurses in your hospital have an access code that gives them access to only their unit's patients. A visitor accidentally comes to the wrong unit looking for a patient and asks the nurse to find out which unit the patient is on.

The nurses have no right to disclosure the unit where the patient is before inquiring about the patient because some visitors may be a health risk to the patient. Never the less, only under an emergency situation should a nurse disclose such information (Ross & Lin, 2003). But the nurse should seek clarification from the RN or Doctor of Nursing Practice before disclosing such information.

c. Encouraging nurses to report privacy and security breaches.

All nurses would train to report privacy and security breaches. The nurses who fail to report suspicious activity would be sanctioned. Some of the sanctions would be a warning, suspension from duties, and revocation of their clearance and if possible counseled to prevent future occurrences

References

Cannon, A., & Caldwell, H. (2016). HIPAA violations among nursing students: the Teachable moment or terminal mistake-A case study. Journal Of Nursing Education And Practice, 6(12). doi: 10.5430/jnep.v6n12p41

Kostkova, P., Brewer, H., de Lusignan, S., Fottrell, E., Goldacre, B., & Hart, G. et al. (2016). Who Owns the Data? Open Data for Healthcare. Frontiers In Public Health, 4. doi: 10.3389/fpubh.2016.00007

Ross, S., & Lin, C. (2003). The Effects of Promoting Patient Access to Medical Records: A Review. Journal Of The American Medical Informatics Association, 10(2), 129-138. doi: 10.1197/jamia.m1147

Miaoulis, W. (2010). Access, Use, and Disclosure: HITECH's Impact on the HIPAA Touchstones. Journal of AHIMA 81, no.3 pp. 38-39; 64.